Cyber Security for your business and why SMEs need to worry about it.
IT’S NOT JUST THE BIG BOYS AFFECTED BY CYBER LOSS – THOUSANDS OF SMEs ARE EQUALLY VULNERABLE!
A cyber-attack on any business could be a catastrophe waiting to happen!
We might think it’s just the big boys that cyber criminals attack. We all know the stories of Yahoo, LinkedIn and the huge IT companies in Europe and America, and those stories of course make the headlines. What is perhaps less reported is that SMEs are equally at risk, with thousands of companies being attacked and hacked. Cyber security is therefore just as important for small to medium-sized businesses as it is for the large multi-nationals.
Of course, retailers are particularly at risk due to the number of consumer transactions they process. This was highlighted when TJX – parent company to TK Maxx – had to announce that a hacker had accessed 45.5m credit and debit card details and the personal information of 451 shoppers who had returned goods. The cost incurred by the company amounted to just under a billion pounds. Such stories will have sent shivers down the spine of senior management in any business that relies upon IT for its ability to do business every day, because it could happen to anyone.
Cyber-attacks are on the rise
Cybercrime is on the rise, with more than half (55%) of UK firms reporting an attempted cyberattack, a 15% rise from the previous year. Small businesses are becoming increasingly at risk, too – a recent report highlights a 14% increase from the previous year in firms reporting cyberattack incidents.
Cyber security for businesses is becoming more and more important. A recent Gov.UK survey reported that more than three out of five firms had reported a cyber-attack in the previous 12 months. An attack can lead to lost revenue, a damaged reputation and in some cases even fines. Anyone who uses computers or the internet at work and holds data about customers, suppliers, or employees, or carries out online transactions, or just uses social media, should think about security.
So, what does cyber insurance do?
It’s also known as cyber liability insurance, or data protection insurance. Simply put, it’s there to make sure your business is protected against cyber-crime: things like fraud, data theft and social engineering, where criminals attempt to fool you into parting with money, information or both. Equally important, it also covers data breaches where sensitive information is accidentally shared. By taking out cyber insurance cover you can be protected against new and existing threats, and it will also help with the practicalities of getting experts to restore systems, recreate data and even deal with any demands being made where data is stolen.
Head in the sand
In the insurance industry and the legal profession, where the fall-out from computer IT/data disasters is seen every day, it is clear that businesses and other organisations dependent upon IT are simply burying their heads in the sand and hoping that they never experience a loss or claim for damages; but if they do, life as they have known it will change forever.
Insurance is becoming available for all kinds of IT and data risks; there are several different kinds of risk and no single insurance policy covers them all. Most importantly, the business interruption insurance that most businesses rely upon to cover what it says on the tin, “business interruption”, cannot be relied upon to cover any interruption to a business stemming from an IT issue.
Data, especially personal data, is becoming a “currency” of its own. The criminal world is expanding thanks to the relative ease with which high volumes of information, either accessed from or held within cyberspace, can be gathered.
Three key causes of loss
According to NetDiligence’s recent study of cyber and data breaches, the reasons for data loss fall into three main areas.
- Hackers and criminals were responsible for 32% of breach events
- Rogue employees were the cause of 19% of data breaches
- Theft of mobile computer equipment such as laptops and memory sticks carrying unencrypted data was responsible for 33% of breaches
So, what are the things that any business should worry about?
Cyber-risks include:
- Liability for accidental loss of data and its consequences
- Liability for loss of data and its consequences by deliberate, wilful, dishonest, negligent and fraudulent means.
- Accidental damage caused by computer-driven property/equipment
- Loss or damage caused by failures or malfunctions of computers
- Loss, damage and liability caused by algorithmic errors or malfunctions
- Loss of reputation, opportunity, intellectual property
Some of the more common sources of loss, damage and liability arise from:
- The storage of data on mobile devices
- Losing unencrypted USB sticks
- Accidentally emailing private information to the wrong email address
- Breach of strict security standards in retailers’ merchant agreements for credit card and banking operations
- Un-indemnified contractual losses of data in Cloud Computing contracts
- Loss of data held by third party subcontractors on behalf of a Principal for which the Principal is responsible to its customer.
- Rumours (defamation, libel and slander), especially on networking and social media sites and in marketing and PR operations.
If you take nothing else away from this article, then check with your broker just what cover you do have for business interruption arising from IT losses and claims.
Cyber risk check list
Here’s how you can assess whether you require cyber liability cover:
Do you process or store any form of credit card data? If yes, then you may be exposed to the risk of privacy breaches and the consequent PCI fines, card reissuance costs, and liability for fraud carried out on the compromised cards.
Do you store or process commercially sensitive third party data? If yes, then you are likely to have serious contractual liability in the event that the security of the third party data is breached as well as risks of reputational harm.
Do you operate an interactive or transactional website? If yes, then you will be subject to a wide range of statutory duties both domestically and internationally. Breaches of these duties can often give rise to civil liability as well as regulatory penalties.
Do you use a cloud service provider to store sensitive information? If yes, then you could be held liable for information lost due to a breach of the provider’s systems, even though your own systems were not breached.
Do you own or operate any offices in the United States of America? If yes, then you may be exposed to privacy breach notification requirements which apply to companies operating in over 45 States across the US. A failure to provide timely notification can give rise to significant regulatory fines as well as exposing the business to expensive class action lawsuits.
To find out more about Flaxmans contact us
If you are an Insurance Broker do join our Brokers Portal where you can download our full factsheet on Cyber and many more free documents.